专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10038603B1 Packet capture collection tasking system 有权
公开(公告)号：US10038603B1
公开(公告)日：2018-07-31
申请号：US15051475
申请日：2016-02-23
申请人： AREA 1 SECURITY, INC.
发明人： Blake Darche , Javier Castro , Chiraag Aval
IPC分类号： G06F15/173 , H04L12/26
CPC分类号： H04L43/028 , H04L43/04 , H04L43/12
摘要： A method and apparatus for packet capture is provided. A computer system comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer from one or more attacker computers; a command server that is programmed to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter to the first sensor computer of a plurality of sensor computers, wherein the first packet capture filter is programmed to cause the first sensor computer to capture a first set of data packets that have been routed toward a first compromised computer, and to identify a second packet capture filter of the plurality of packet capture filters for a second sensor computer of the plurality of sensor computers, to send, via the communications network, wherein the second packet capture filter is programmed to cause the second sensor computer to capture a second set of data packets that have been routed toward a second compromised computer, and to instruct the first sensor computer to capture data packets using the first packet capture filter and to instruct the second sensor computer to capture a second set of data packets using the second packet capture filter.

2. 发明授权

US09609013B1 Detecting computer security threats in electronic documents based on structure 有权
公开(公告)号：US09609013B1
公开(公告)日：2017-03-28
申请号：US15162233
申请日：2016-05-23
申请人： AREA 1 SECURITY, INC.
发明人： Oren Falkowitz , Philip Syme
IPC分类号： H04L29/06
CPC分类号： H04L63/145 , G06F17/30861 , H04L63/02 , H04L63/0227 , H04L63/0254 , H04L63/1433 , H04L63/1458 , H04L63/1483 , H04L67/02 , H04L67/14 , H04L67/141 , H04L67/142 , H04L67/143 , H04L69/161 , H04L69/22
摘要： In an embodiment, a method providing an improvement in remediating vulnerabilities in computer security comprising: receiving, using a network tap of a sensor computer that is coupled to a compromised computer, a communication packet that was sent from the compromised computer to a target computer; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers; reading, at the sensor computer, a plurality of fields within a header of the communication packet; and performing a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.

3. 发明授权

US09350750B1 Distribution of security rules among sensor computers 有权
标题翻译：传感器计算机之间的安全规则分布
公开(公告)号：US09350750B1
公开(公告)日：2016-05-24
申请号：US14678691
申请日：2015-04-03
申请人： AREA 1 SECURITY, INC.
发明人： Chiraag Aval , Sandeep Mandala
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/145 , H04L63/1416 , H04L63/1425 , H04L63/1466 , H04L67/02 , H04L67/06 , H04L67/34 , H04L2463/146
摘要： Systems and methods for generating rules in a networking environment having one or more sensor computers logically connected to compromised computers are provided. The rules comprise detection data used by a sensor computer to detect a potential security threat and a specified remediation measure that is caused to be performed when the security threat is detected. A security control computer generates the rules from record of series of actions created by the sensor computer, generates a rule, and distributes the rule to the sensor computers. The sensor computers periodically poll a central database for new rules and store a copy of each rule locally. Using the locally stored rules, the sensor computers can more efficiently and accurately respond to security threats.
摘要翻译：提供了在具有逻辑上连接到受损计算机的一个或多个传感器计算机的网络环境中生成规则的系统和方法。规则包括由传感器计算机使用以检测潜在的安全威胁的检测数据和当检测到安全威胁时被执行的指定的修复措施。安全控制计算机从传感器计算机创建的一系列动作的记录生成规则，生成规则，并将规则分发给传感器计算机。传感器计算机定期轮询中央数据库以获取新规则，并在本地存储每个规则的副本。使用本地存储的规则，传感器计算机可以更有效和准确地响应安全威胁。

4. 发明授权

US11165859B1 Scaling stateful services hosted in a cluster of server nodes 有权
公开(公告)号：US11165859B1
公开(公告)日：2021-11-02
申请号：US17227197
申请日：2021-04-09
申请人： Area 1 Security, Inc.
发明人： Jeremy Eckman , Michael Flester , Eric Newton
IPC分类号： H04L29/08
摘要： In an embodiment, the disclosed technologies implement scaling operations for clusters of server nodes hosting stateful services. An embodiment includes a cluster manager computer calling a first instance of scaling status functions for a first stateful service and a second instance of scaling status functions for a second stateful service, the first stateful service being programmed to implement a different service than the second stateful service. The cluster manager computer is programmed to implement different scaling operations for the first stateful service and the second stateful service, each set of the scaling operations being optimized for respective services.

5. 发明授权

US10587483B1 Packet capture collection tasking system 有权
公开(公告)号：US10587483B1
公开(公告)日：2020-03-10
申请号：US16050451
申请日：2018-07-31
申请人： AREA 1 SECURITY, INC.
发明人： Blake Darche , Javier Castro , Chiraag Aval
IPC分类号： H04L12/26
摘要： A method and apparatus for packet capture is provided. A computer system comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer from one or more attacker computers; a command server that is programmed to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter to the first sensor computer of a plurality of sensor computers, wherein the first packet capture filter is programmed to cause the first sensor computer to capture a first set of data packets that have been routed toward a first compromised computer, and to identify a second packet capture filter of the plurality of packet capture filters for a second sensor computer of the plurality of sensor computers, to send, via the communications network, wherein the second packet capture filter is programmed to cause the second sensor computer to capture a second set of data packets that have been routed toward a second compromised computer, and to instruct the first sensor computer to capture data packets using the first packet capture filter and to instruct the second sensor computer to capture a second set of data packets using the second packet capture filter.

6. 发明授权

US09374385B1 Remediating computer security threats using distributed sensor computers 有权
标题翻译：使用分布式传感器计算机来修复计算机安全威胁
公开(公告)号：US09374385B1
公开(公告)日：2016-06-21
申请号：US14536493
申请日：2014-11-07
申请人： AREA 1 SECURITY, INC.
发明人： Oren Falkowitz , Philip Syme , Blake Darche
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： H04L63/145 , H04L63/02 , H04L63/0227 , H04L63/1441
摘要： A data processing system comprises a security control computer performing operations comprising: receiving, an advertising exchange network computer, advertising presentation data indicating presentations of advertisements to particular browsers that have browsed to particular websites; determining, based upon detection data, whether the particular websites are associated with network attacks or malware; in response, storing transit data specifying computers that have visited the particular web sites and using the transit data to determine a plurality of particular web pages to inspect for threats; based on a hierarchical structure of the particular web pages and without consideration of content of the particular web pages, identifying one or more features, of links in the particular web page or files referenced in the particular web pages, that indicate one or more security threats in the web pages; and determining remediation measures to remediate security threats that are identified in one of the particular web pages.
摘要翻译：数据处理系统包括执行操作的安全控制计算机，包括：广告交换网络计算机，向特定网站浏览的特定浏览器的广告的广告呈现数据; 基于检测数据确定特定网站是否与网络攻击或恶意软件相关联; 作为响应，存储指定已访问特定网站的计算机的传输数据，并使用传输数据来确定多个特定网页以检查威胁; 基于特定网页的分层结构，并且不考虑特定网页的内容，识别特定网页中的链接或特定网页中引用的文件中的一个或多个特征，其指示一个或多个安全威胁在网页中以及确定修复措施来修复在特定网页之一中识别的安全威胁。

7. 发明授权

US09350757B1 Detecting computer security threats in electronic documents based on structure 有权
标题翻译：基于结构检测电子文档中的计算机安全威胁
公开(公告)号：US09350757B1
公开(公告)日：2016-05-24
申请号：US14723251
申请日：2015-05-27
申请人： AREA 1 SECURITY, INC.
发明人： Oren Falkowitz , Philip Syme
IPC分类号： H04L29/06 , H04L12/935 , H04L29/12
CPC分类号： H04L63/145 , G06F17/30861 , H04L63/02 , H04L63/0227 , H04L63/0254 , H04L63/1433 , H04L63/1458 , H04L63/1483 , H04L67/02 , H04L67/14 , H04L67/141 , H04L67/142 , H04L67/143 , H04L69/161 , H04L69/22
摘要： In an embodiment, a method providing an improvement in remediating vulnerabilities in computer security comprising: receiving, using a network tap of a sensor computer that is coupled to a compromised computer, a communication packet that was sent from the compromised computer to a target computer; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers; reading, at the sensor computer, a plurality of fields within a header of the communication packet; and performing a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.
摘要翻译：在一个实施例中，提供了修复计算机安全性中的漏洞的方法，包括：使用耦合到受感染计算机的传感器计算机的网络抽头，将从受感染计算机发送到目标计算机的通信分组; 使用传感器计算机，确定目标计算机是多个企业计算机之一; 在所述传感器计算机处读取所述通信分组的报头内的多个字段; 以及通过生成动作分组的报头来执行修复措施，其中所述报头包括所述多个字段中的至少一些字段的重复，以便看起来由所述目标计算机生成，生成所述动作分组的有效载荷，以及将包括所生成的报头和所生成的有效载荷的动作分组发送到受感染的计算机。

8. 发明授权

US10528731B1 Detecting malicious program code using similarity of hashed parsed trees 有权
公开(公告)号：US10528731B1
公开(公告)日：2020-01-07
申请号：US15711765
申请日：2017-09-21
申请人： AREA 1 SECURITY, INC.
发明人： Philip Syme , Torsten Zeppenfeld , Peter Stein
IPC分类号： G06F21/56 , G06F8/41
摘要： Techniques are described herein for detecting malicious program code stored on computer devices before the code can be executed to potentially compromise a computer network. In an embodiment, a method comprises receiving, at a computer device, a file containing instructions in a programming language; based on a syntax of the programming language, parsing the file to generate parsed information, and based on the parsed information, generating a syntax tree for the file; identifying one or more alphanumeric strings in the syntax tree, and based on the alphanumeric strings, generating a syntax string for the syntax tree; generating a hash digest by applying a piecewise hashing to the alphanumeric strings in the syntax string; determining whether the hash digest indicates that the file contains potentially malicious code; in response to determining that the hash digest indicates that the file contains the potentially malicious code, performing a responsive action.

9. 发明授权

US09124622B1 Detecting computer security threats in electronic documents based on structure 有权
标题翻译：基于结构检测电子文档中的计算机安全威胁
公开(公告)号：US09124622B1
公开(公告)日：2015-09-01
申请号：US14536534
申请日：2014-11-07
申请人： AREA 1 SECURITY, INC.
发明人： Oren Falkowitz , Philip Syme
IPC分类号： H04L29/00 , H04L29/06 , G06Q30/02
CPC分类号： H04L63/1416 , G06Q30/0275 , H04L63/02 , H04L63/0227 , H04L67/02 , H04L67/10 , H04L67/12 , H04L67/18 , H04L67/32
摘要： In an embodiment, a data processing method providing an improvement in computer security comprises selecting, from a queue identifying a plurality of web pages, a particular web page to retrieve from one of a plurality of internet sources; causing retrieving a copy of the particular web page from a particular internet source; determining a hierarchical structure of the particular web page; based upon a hierarchical structure of the particular web page and without consideration of content of the particular web page, identifying one or more features, of links in the particular web page or files referenced in the particular web page, that indicate one or more security threats; determining a reputation score for the particular web page; determining a specified remediation measure, based upon the reputation score, to remediate a security threat that is identified in the particular web page; providing the specified remediation measure to one or more of a compromised computer, a sensor computer and an enterprise computer.
摘要翻译：在一个实施例中，提供计算机安全性的改进的数据处理方法包括从识别多个网页的队列中选择要从多个互联网来源之一检索的特定网页; 导致从特定互联网来源检索特定网页的副本; 确定所述特定网页的分层结构; 基于特定网页的分层结构，并且不考虑特定网页的内容，识别特定网页中的链接或特定网页中引用的文件中的一个或多个特征，其指示一个或多个安全威胁 ; 确定特定网页的信誉得分; 根据信誉分数来确定指定的修复措施来修复在特定网页中识别的安全威胁; 向受损计算机，传感器计算机和企业计算机中的一个或多个提供指定的修复措施。

10. 发明授权

US10574669B1 Packet filters in security appliances with modes and intervals 有权
公开(公告)号：US10574669B1
公开(公告)日：2020-02-25
申请号：US16251992
申请日：2019-01-18
申请人： AREA 1 SECURITY, INC.
发明人： Javier Castro , Blake Darche , Chiraag Aval
IPC分类号： H04L29/06 , H04L12/26
摘要： A computer system programmed to provide improved packet capture comprises: a plurality of sensor computers each programmed to capture data packets directed to a different compromised computer; a command server that is programmed to determine an expiration time for capturing a first set of data packets that have been routed toward a first compromised computer, to determine a time interval indicating an interval for capturing the first set of data packets, to identify a first packet capture filter of a plurality of packet capture filters for a first sensor computer of the plurality of sensor computers, to transmit, via a communications network, the first packet capture filter and a message, which comprises the time interval and the expiration time, to the first sensor computer of the plurality of sensor computers to capture the first set of data packets every the time interval and until the expiration time expires.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式